Skylos,

I don't really follow the code snippet you presented here, but it sounds to me that you have generated a closure. This is a very usual mod_perl issue.

See:
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#Understanding_Closures____the_Easy_Way

Also look at this:
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#my___Scoped_Variable_in_Nested_Subroutines

In general you should not declare subroutines inside ASP pages. (However, I have the rather faint memory that the newest version of Apache::ASP presents a workaround... others will probably comment on this.)

- Csongor

Okay, I've gotta bounce this off some other programmers who work with
Apache::ASP.

This has been reported twice.

Procedure:

User loads signup form

Result:

User sees somebody else's credit card data - VERY VERY VERY BAD

Attempts by programmer to recreate:

Fruitless.

Thoughts:

I store the form data in a variable.  This is a my scoped variable in the
root file scope.

I then utilize this $frm variable in a subroutine that I call, without
passing the value.  Utilizing it as a global variable, for the file, at
least.

The simplest case for example:

---index.asp---
<[EMAIL PROTECTED]>
<%
my $frm = $Request->Form();

Main(%Results);

sub Main {
 %>various html stuff
 <input type=text name="cc_number" value="<%=$frm->{'cc_number'}%>">
 more html stuff<%
}
%>
---index.asp---

Now what has happened, reportedly twice (probably many more times),
is that the Main() subroutine displays the cc_number that was entered
BY A DIFFERENT SESSION!

The question is: is it at all possible that some other session (perhaps
within the same apache process) acquired some other value of $frm through
the persistent-across-page-loads value of $frm within Main?  I think you
programmers can understand what I'm asking, though it seems muddled even
as I try to type it.

As I understood it, a file 'my' scoped variable would NOT be persisted
anywhere, but is considered global within subroutines in the same file.

Maybe I'm wrong.  I know that it's ugly what I did there, and I have
revised my code to pass the $frm variable from the file scope to the
subroutine.  Much prettier.

Your thoughts?

Skylos

- [EMAIL PROTECTED]
- The best part about the internet is nobody knows you're a dog.
 (Peter Steiner, The New Yorker, July 5, 1993)
- Dogs like... TRUCKS!  (Nissan commercial, 1996)
- PGP key: http://dogpawz.com/skylos/mykey.asc

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
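
The closure behaviour Csongor describes, as an added example that is not part of either message above and is not Apache::ASP's own code. It assumes the page body is compiled once into a subroutine that the persistent interpreter calls per request; `handle_leaky`, `handle_fixed`, `main_leaky`, `main_fixed` and the card values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;   # perl reports: Variable "$frm" will not stay shared

# Assumption: stand-in for the compiled page, called once per request.
sub handle_leaky {
    my ($form) = @_;
    my $frm = $form;                 # a fresh lexical on every call
    # A named sub is compiled only once, so it stays bound to the $frm
    # that existed during the FIRST call of the enclosing sub.
    sub main_leaky {
        return qq{<input type=text name="cc_number" value="$frm->{cc_number}">};
    }
    return main_leaky();
}

# The fix mentioned in the post: pass the form data in as an argument.
sub main_fixed {
    my ($frm) = @_;
    return qq{<input type=text name="cc_number" value="$frm->{cc_number}">};
}

sub handle_fixed {
    my ($form) = @_;
    return main_fixed($form);
}

# Constructed requests from two different sessions (not real card data).
my @requests = (
    { session => 'A', cc_number => 'CONSTRUCTED-CARD-A' },
    { session => 'B', cc_number => 'CONSTRUCTED-CARD-B' },
);

for my $case ( [ leaky => \&handle_leaky ], [ fixed => \&handle_fixed ] ) {
    my ($name, $handler) = @$case;
    for my $req (@requests) {
        my $html = $handler->({ cc_number => $req->{cc_number} });
        # The response must echo this request's own value and nothing else.
        my $leak = index($html, $req->{cc_number}) < 0;
        printf "%-5s session %s: %s%s\n", $name, $req->{session}, $html,
            $leak ? "   <-- another session's value" : '';
    }
}
```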
